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Abstract 

This study presents the first two authenticated semi-quantum direct communication (ASQDC) 
protocols without using any classical channel. By pre-sharing the master secret key between 
two communicants, a sender with advanced quantum devices can transmit a secret message 
to a receiver who can only perform classical operations without any information leakage. The 
receiver is then capable of verifying the message up to the single qubit level, i.e., a one-qubit 
modification of the transmitted quantum sequence can be detected with a probability close to 
1. Moreover, the proposed protocols are resistant to several well-known attacks. 

Keywords: Authentication; Authenticated semi-quantum communication; Bell states; Quantum 
communication; Quantum cryptography; Semi-quantum communication. 


1 Introduction 

Authentication, which is a process used for guaranteeing the integrity and origin of a transmitted 
message, is an important topic in information security. Due to authentication of the message, the 
receiver (the verifier) can determine whether or not the receiver is communicating with the alleged 
participant (the sender). Moreover, authentication can be used to verify the integrity of the received 
message without any modification. The feature of authentication is a very important requirement in 
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various quantum cryptographic environments, such as quantum key distribution (QKD) protocols, 
quantum secure direct communications (QSDC), deterministic secure quantum communications 
(DSQC), quantum dialogue (QD), quantum private comparison (QPC), and quantum secret sharing 
(QSS). To simplify the design, however, the majority of the abovementioned environments focus on 
the following two methods of providing secrecy as well as authentication. 

1. An authenticated classical channel (i.e., transmitted information that can be eavesdropped 
but not modified) is assumed to be available for providing authentication, which can be further 
used for detecting eavesdropping. Accordingly, both the information integrity and originality 
can be guaranteed. In practice, however, if two communicants want to communicate with each 
other, the QKD or QSDC protocol must be performed whenever a communication session is 
initiated. That is, both communicants must be in an environment where an authenticated 
classical channel is available, which could be a restriction for some applications. For example, 
a traveling mobile user will have difficulty maintaining an authenticated classical channel with 
low-power mobile devices. 

2. All participants are required to have quantum capabilities. That is, the protocol requires 
that every participant has access to quantum memory and has the ability to prepare/measure 
arbitrary quantum states and to perform operations. However, not all participants can afford 
such expensive quantum resources and operations for various applications. In this case, it will 
be difficult to apply these protocols in practical environments. 

To resolve these issues, Yu et al. (2014) proposed authenticated semi-quantum key distribution 
(ASQKD) protocols [T]. In these protocols, by pre-sharing a master secret key between two com¬ 
municants, a sender with advanced quantum devices can transmit a working key to a receiver, 
who can only perform classical operations, without requiring an authenticated classical channel. 
According to the definition in lais], the term “semi-quantum” implies that the sender, Alice, is 
a powerful quantum communicant, whereas the receiver. Bob, has only classical capabilities. More 
precisely, the sender (Alice) has the ability to perform following operations: (1) prepare any quan¬ 
tum state such as single photons and Bell states, (2) perform any quantum measurement such as 
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Bell measurement and multi-qubit joint measurement, and (3) store qubits in a quantum memory. 
Conversely, the classical receiver (Bob) is restricted to performing the following operations over 
the quantum channel: (1) prepare new qubits in the classical basis {|0), |1)} (i.e., the Z basis), (2) 
measure qubits in the classical basis, (3) reorder the qubits via different delay lines, and (4) send 
or reflect the qubits without disturbance. Because the classical basis only considers the qubits |0) 
and |1), other quantum superpositions of single photons are not considered. Hence, the operations 
performed by Bob are equivalent to traditional {0,1} computation. Following Boyer et ah, Yu et al. 
also proposed two types of ASQKD protocols, namely randomization-based ASQKD and measure- 
resend ASQKD. The difference between these two protocols lies in the capability of the classical 
Bob. In the randomization-based ASQKD protocol, classical Bob is limited to performing opera¬ 
tions (2), (3), and (4), whereas in the measure-resend ASQKD protocol, classical Bob is limited to 
performing operations (1), (2), and (4). Because the ASQKD protocol allows a classical Bob to be 
a receiver and does not require an authenticated classical channel, an authenticated semi-quantum 
protocol can reduce not only the computational burden of the communicants but also the cost of 
the quantum hardware devices in practical implementations. 

In this paper, we propose authenticated semi-quantum direct communication (ASQDC) proto¬ 
cols using Bell states. To the best of our knowledge, there is no existing ASQDC protocol that 
enables the quantum sender to directly send a secret message to the classical receiver without any 
information leakage. Furthermore, the proposed ASQDC protocols have the following features: 

1. The protocols do not require any classical channel. 

2. The pre-shared secret key between two communicants can be reused. 

3. The protocols can satisfy the requirements of a quantum direct communication protocol, 
which was defined by Deng et al. |3]. First, the secret messages should be directly read out 
by the legitimate user Bob when he receives the quantum states, and no additional classical 
information is needed after the qubit transmission. Second, the secret messages, which have 
been previously encoded with quantum states, should not leak even though an eavesdropper 
may access the channel. 
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4. The security of the proposed ASQDC protocols is guaranteed by quantum mechanics, i.e., by 
the uncertainty of quantum measurement and the no-cloning theory. 

5. The protocols can resist impersonation attacks, intercept-and-resend attacks, modification 
attacks, and other well-known attacks. 

Moreover, the proposed ASQDC protocols, together with the semi-QKD or QKD protocol, are 
more effective than merely performing the QSDC protocol to solve the abovementioned scenario. 
Hence, the proposed ASQDC protocols will be more practical in various environments such as 
sensor communications, in which a sensor with limited capability wants to collect or receive secret 
information based on the security provided by quantum mechanics. 

The remainder of this paper is organized as follows. Section 2 presents our ASQDC protocols 
using Bell states, and Section 3 provides security analyses of the proposed protocols. Finally, our 
conclusions are given in Section 4. 

2 Proposed ASQDC Protocols 

This section presents two ASQDC protocols, which enable a quantum sender, Alice, to send an ^- 
bit secret message m to a classical receiver. Bob. In Section 2.1, the randomization-based protocol 
is proposed. After that, the measure-resend one is given. 

2.1 Randomization-based ASQDC protocol 

Let us assume that Alice and Bob pre-shared two secret keys Ki and K 2 , where Ki G {0,1}" and 
K 2 G {0,1}^. Besides, the quantum channels here are assumed to be noiseless and lossless. The 
procedure of the randomization-based ASQDC is described in the following steps (see also Figure 
1 ): 

Step 1. Alice calculates M = m\\h (m), where ‘11’ denotes concatenation and /i () is a one-way hash 
function to produce an f-bit checking value of m. After that, Alice generates a sequence 
of Bell states, S = {si, S 2 ,..., }, based on M, where Si = {ql,ql} for i = 1,2,..., That 
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is, if the ith bit of M is zero, i.e., M* = 0, Alice produces Si in |$+) = (|00) + |11)). 

Otherwise, Alice produces ^ (|01) + |10)). Then, Alice generates the checking state 

C = {ci, C 2 ,..., C;j } randomly in the states of ]$“'') and whose initial state is denoted 


as /S'c, where Cj = |gc^,(7(4| for j = 1,2, After that, she divides these | Bell 

states into two ordered sequences, Ca = = |<ZC 2 |- Now, she reorders the 

quantum sequences S and Cb together according to the secret key Ki to obtain the new 
quantum sequence Q. After the above preparation, Alice retains the sequence Ca and sends 
the sequence Q to Bob. 


Step 2. When Bob receives the qubits in Q, he puts every qubit into the delay line device whose 
traveling time is long enough to wait for the last qubit enters so that he can get the ordered 
sequence S' and C'^ according to Ki. After that, he performs a Z-basis measurement on each 
qubit in S' and obtains the measurement result MRb- Then, Bob can calculate {M')' = 
0 MR'^g to derive M' = m'\\h (m)^ That is, ii MRb =00 (11), then M' = 000 = 0 
(1 0 1 = 0). If MRb = 01 (10), then M' = 001 = 1 (100 = 1). Bob calculates h {m') and 
compares it with the received h {m)'. If h (m') = h (m)', Bob believes that the message m! 
is indeed sent from Alice without any disturbance. Otherwise, Alice and Bob will terminate 
the protocol and start it again. 

Step 3. Bob reorders the qubits C'g based on the secret key K 2 to obtain C'^ and reflects C'^ back 
to Alice via different delay lines. 

Step 4. Upon receiving C'^, Alice can recover the reflected qubits in the correct order based on 
K 2 to obtain the ordered sequence C'^ = |(<ZC 2 )'’ |. Then Alice performs Bell measurement 
on (^c^)'’ ! for j = 1,2,..., I to obtain IS'^ and then check whether each corresponding 
set of two qubits in IS'q is consistent with the states she generated in Step 1, ISc- If the 
transmission between Alice and Bob is secure, then it means Alice has successfully transmitted 
the secret message to Bob. 
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Figure 1: The proposed randomization-based ASQDC protocol 


2.2 Measure-resend ASQDC protocol 

Here, a measure-resend ASQDC protocol, which modifies the operations that Bob is allowed to 
perform in the randomization-based ASQKD described in section 2.1, is as follows (see also Figure 
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2). The modified steps (*) are listed in detail, as follows. The others are the same as those described 

in section 2.1. In this case, we assume Alice and Bob pre-share a secret key Ki, where Ki G {0,1}”. 

Besides, the quantum channels here are assumed to be noiseless and lossless. 

Step 2*. Based on the secret key Ki, Bob decides to perform either SHARE or CHECK on each 
received qubit. In the SHARE mode. Bob measures the received qubit using the Z basis 
to obtain the measurement result MRg and returns a qubit of the same state to Alice. 
However, in the CHECK mode. Bob reflects the qubit without any disturbance back to Alice. 
Let assume the returned quantum sequence is Q'. 

Step 3*. Bob recovers MRb to the ordered sequence MR'^ based on Ki. After that, he calculate 
{M'Y = 0 {MRY)^^ to derive M' = rr^'||h(?7^)^ That is, if MRb = 00 (11), then 

M' = 0 0 0 = 0 (1 0 1 = 0). If MRb = 01 (10), then M' = 0 0 1 = 1 (1 0 0 = 1). Then, Bob 
calculates h (m') and compares it with the received h (rn)'. If h {m!) = h (m)', Bob believes 
that the message m' is indeed sent from Alice without any disturbance. Otherwise, Alice and 
Bob will terminate the protocol and start it again. 

Step 4*. Upon receiving Q', Alice can recover Q' based on Ki to obtain the ordered sequence Q" = 
S''\\C'Y- After that, Alice performs Bell measurement on |gc4, J — 1)2,..., ^ to 

check whether each corresponding set of two qubits is consistent with the states she generated 
in Step 1. If there is no eavesdropper, Alice performs Bell measurement on s" = |((3'")* > (9D*| 
for i = 1,2,...,^. If the message is 0 (1), i.e., the initial state is 1$"'') (l^*”)), then the 
measurement result, Mb, is one of , |$~)} ({|^^), 1^'”)})- H the measurement results 

are all in the same as their initial states (i.e., or |'I'^)), then it indicates a reflecting 

attack, and hence, Alice and Bob will terminate the protocol and start it again. 
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Figure 2: The proposed measure-resend ASQDC protocol 











Both ASQDC protocols use the entanglement correlation of the Bell state to detect the presence of 
eavesdroppers. The only difference between these two protocols (the randomization-based ASQDC 
and the measure-resend ASQDC) is in the type of operations that Bob is allowed to perform in 
Step 2 and Step 2*. In the proposed ASQDC protocols, a one-way hash function is used in the 
background for eavesdropping check and for verifying the integrity of a secret message. Based on 
the property of a one-way hash function, one-bit error in the input (i.e., a transmitted message) 
will cause significant changes in the output (i.e., a hashed value) and can be detected in Step 2 
and Step 3*. This property is very useful in checking message integrity if the quantum channel 
is reliable or ideal. In reality, however, some states of the transmitted qubits may be changed 
due to the unexpected interference of the optical fiber or due to the environment. These changes 
of the transmitted qubits caused by noises will be detected as an eavesdropping by the proposed 
protocol. In this situation, quantum error correction codes [71 HI II [ini El EH iia can be applied 
after the hash function to solve this problem. As a result, small errors can be corrected by the 
introduced quantum error correction code and the majority errors due to malicious users can be 
detected by the one-way hash function. By combining quantum error correction code and a one-way 
hash function with quantum mechanics, the proposed protocol can provide data privacy as well as 
message integrity on the noisy quantum channel. 

In the proposed ASQDC protocols, the pre-shared secret keys are used for user authentication 
and message authentication. However, it should be noted that the secret keys can be reused if no 
eavesdropper is detected. Consequently, the communicants do not have to renew the secret keys, 
which is a tedious work, after completing a protocol execution. Only when a failure occurs in the 
eavesdropping check or when the secret keys are used for a long period of time does the new secret 
keys have to be shared again between Alice and Bob. 

3 Security Analyses 

In this section, three well-known attacks, i.e., the impersonation attack, the intercept-and-resend 
attack, and the modification attack, are analyzed respectively. It should be noted that only the 
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security of the randomization-based ASQDC protocol is analyzed in detail. As for the security of 
the measure-resend ASQDC protocol, the same analysis can be performed. 

3.1 Security against impersonation attack 

An attacker, Eve, may try to impersonate Alice to send a forged message to Bob. Without knowing 
the pre-shared key ATi, however. Eve will be caught by Bob with a very high probability. In the 
randomization-based ASQDC protocol, suppose Eve generates a sequence of qubits, Qe, and sends 
them to Bob in Step 1. If Eve can pass the eavesdropping check in Step 2, then she is able to 
successfully impersonate Alice to send a forged message to Bob. However, without knowing the 
pre-shared key Ki, Eve cannot perform the correct reorder operation on and eventually the 
comparison in Step 2 will be failed. Since one-bit error in the input (i.e., a transmitted message) 
will cause significant changes in the output (i.e., a hashed value), the probability for Eve to be 
detected in the randomization-based ASQDC protocol is close to 1. 

On the other hand. Eve may try to impersonate Bob to communicate with Alice. In the 
randomization-based ASQDC protocol. Eve may intercept the sequence Q sent from Alice to Bob 
in Step 1. Since Eve does not know the secret key Ki and K 2 hence she does not know how to 
choose the reflecting qubits in Q and does not know how to perform the reorder operation on the 
chosen qubits, respectively. In this case, she will randomly choose some qubits in Q and randomly 
reorders the chosen qubits and sends them to Alice in Step 3. If, however. Eve reflects the wrong 
qubits with the wrong order back to Alice, then Eve can successfully pass the verification process 
of Alice with a probability of | for each qubit. For example, if the initial state is (|'I'“)), then 
Alice performs the Bell measurement on the wrong qubit to obtain the measurement result 1$^) 
(|'I'~)) with a probability of | because she will randomly obtain one of the four measurement results 
from {|‘h“'"), |‘h~),, 1^'”)}- As a result. Eve has a probability of | (= 5 + 5 x 5 ) to pass the 
verification for each qubit. Hence, the probability for Eve to be detected in the randomization- 
based ASQDC protocol is 1 — (|) ^. The detection probability would converge to 1 when n is large 
enough. 
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3.2 Security against intercept-and-resend attack 

Eve may launch the intercept-and-resend attack in hope that she can get the useful information 
about the secret message M without being detected. In this attack, Eve intercepts the sequence Q 
in Step 1 and measures it with Z basis ({|0), |1)}). After that, she generates the same states based 
on her measurement results and sends them to Bob. However, each secret message in M is encoded 
into a Bell state (|00) -I- |11)) (if M* = 0) or ^ (|01) -I- |10)) (if M* = 1) and 

then reordered with the checking states Cb based on Ki. Without knowing the secret key Ki, Eve 
cannot identify which qubit belongs to S and which qubit belongs to Cb- Therefore, Eve cannot 
recover the measurement results to the correct order and hence cannot calculate the secret message 
of Alice. 

Besides, any arbitrary measurement on Cb would destroy the entanglement of a Bell state and 
eventually will be detected by Alice in Step 4 with a probability of | for each Bell state in Cb ■ For 
example, if the initial state of the Bell state is 1$+), after Eve performs the intercept-and-resend 
attack, the state of the Bell state will collapse to |00) /|11)) (since |4>+) = ^ (|00) -I-111))). In 
Step 4, Alice will perform the Bell measurement on |00) / |11) and she will obtain the measurement 
result |4>+) with a probability of since | 00 ) = ^ d'l’''’) + I'l’”)) and | 11 ) = ^ (|4>''') — |4>“)). 
As a result. Eve has a probability of ^ to pass the verification for each Bell state. The probability 
for Eve to be detected in the randomization-based ASQDC protocol is 1 — ( 5 ) ^. The detection 
probability would converge to 1 when n is large enough. 

3.3 Security against modification attack 

In the modification attack. Eve may try to modify one-bit message of the transmitted qubits, Q, 
by using the unitary operation iay and make the receiver to obtain a wrong message without being 
detected. The following two cases show that Eve will be detected by using the checksum h (m') 
of the hash function or the entanglement correlation of a Bell state as the integrity verification 
mechanism. 

1. If Eve performs the unitary operation on a qubit belong to the sequence S and then 
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sends it to Bob. However, arbitrary modification will lead to the wrong measurement result, 
and Bob can detect the modification with 100% probability in Step 2. This is similar to the 
security analysis proposed in [HITSIITS]: if the 1 -bit message is modified, then the computed 
checksum h {m') cannot be equal to the measured checksum, h (m)', according to the feature 
of a collision-free hash function. 

2. If Eve performs the unitary operation iay on a qubit belong to the sequence Cb and then 
sends it to Bob. Then the the Bell state |$+) (|4'“)) will be changed to |^'~) (|$'*')). An 
arbitrary modification to a qubit, however, could lead to the wrong measurement result and 
eventually would be detected by Alice. Hence, Eve cannot pass the verification process of 
Alice because the measurement result cannot be equal to the initial state. 

Therefore, the proposed ASQDC protocol is secure against the modification attack to a single qubit 
level because Eve cannot modify the sequence Q without being detected. 

4 Conclusion 

In this paper, we propose two authenticated semi-quantum direct communication (ASQDC) pro¬ 
tocols without using classical channels. The first proposed protocol is the randomization-based 
ASQDC protocol, and the other protocol is based on the measure-resend ASQDC protocol. In both 
proposed ASQDC protocols, a sender with advanced quantum devices can transmit a secret message 
to a receiver, who can only perform classical operations, without information leakage through the 
pre-shared secret keys. The security analyses show that the proposed protocols are resistant to the 
impersonation attack, the intercept-and-resend attack, and the modification attack. However, we 
should note that, like all semi-quantum schemes, the proposed protocols suffer from Trojan-horse 
attacks nil Ell US]. To prevent this kind of attack, a photon number splitter (or a photon beam 
splitter (PBS): 50/50 [2D]) device and a wavelength filter device could be adopted |211 [221 [2D112^ . 
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